The decision made by the Central Bank in early March to periodically monitor the conduct of Pix participants to ensure they maintain in their databases only Pix keys that comply with the names registered in the Federal Revenue’s CPF and CNPJ databases raised a warning signal among financial and payment institutions regarding the need to enhance their transaction monitoring tools. The reason is that the regulatory body is willing to penalize companies that do not remove from their systems keys belonging to individuals and companies with registration statuses such as ‘suspended’, ‘canceled’, ‘deceased holder’, ‘null’, ‘ineligible’, ‘terminated’, and others similar to these.
Alexandre Pegoraro, CEO of Kronoos, a platform that uses AI to conduct research across thousands of sources to verify the integrity of individuals and companies, states that the Central Bank’s decision requires institutions to strengthen their technological structures for transaction monitoring.
According to him, adapting systems to new requirements like these demands that financial institutions make deep adjustments to their structures. ‘Every month, these companies already review millions of alerts related to financial crimes or fraud, with nearly 95% of them being considered “non-suspicious”. Now, these programs will have to add new alerts regarding the compliance of keys with the Federal Revenue’s databases. Hence the importance of having solutions that automate and facilitate this process while ensuring it is carried out quickly and securely,’ he says.
By adopting these new requirements, the Central Bank argued that they aim to make it harder for fraudsters to maintain Pix keys with names different from those stored in the Federal Revenue’s databases. In this regard, the regulatory body itself also promises to actively work to detect Pix keys with names different from those registered with the Federal Revenue, to ensure that participants delete or adjust these keys.
A note published by the body informs that the Central Bank has also prohibited changing information linked to random keys and claiming ownership of email-type keys. Individuals and companies that use random keys and wish to change any information linked to such keys will no longer be able to do so. From now on, they must delete the random key and create a new one with the updated information.
